[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2023-38408,openssh: triage as no-dsa for Buster

Markus Koschany (@apo) apo at debian.org
Sun Jul 30 16:11:38 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e1b48a3 by Markus Koschany at 2023-07-30T17:11:21+02:00
CVE-2023-38408,openssh: triage as no-dsa for Buster

Requires specific conditions like forwarding and an already compromised system.

- - - - -
f99b7d3a by Markus Koschany at 2023-07-30T17:11:22+02:00
CVE-2023-37769,pixman: triage Buster as no-dsa

Minor issue. Affects only a test executable.

- - - - -
cd0354a8 by Markus Koschany at 2023-07-30T17:11:23+02:00
CVE-2022-40896,pygments: Buster is no-dsa

Minor issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -916,6 +916,7 @@ CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an
 	- openssh 1:9.3p2-1 (bug #1042460)
 	[bookworm] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
 	[bullseye] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
+	[buster] - openssh <no-dsa> (Minor issue; needs specific conditions and forwarding was always subject to caution warning)
 	NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9
 	NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc
 	NOTE: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a
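Review bot: The justification on the added [buster] line does not match the rationale in the commit message. The commit message says the issue requires forwarding and an already compromised system, while the parenthetical only says "needs specific conditions" and refers to a caution warning. Suggest naming the conditions in the note itself, in line with the commit message, so that the reason for no-dsa is readable from data/CVE/list without consulting the git log. The two upstream fix commits are already listed in the NOTE lines, so the entry otherwise has what a later backport would need.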
@@ -1310,6 +1311,7 @@ CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE
 	- pixman <unfixed>
 	[bookworm] - pixman <no-dsa> (Minor issue)
 	[bullseye] - pixman <no-dsa> (Minor issue)
+	[buster] - pixman <no-dsa> (Minor issue)
 	NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76
 CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...)
 	NOT-FOR-US: Open Enclave
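Review bot: The added [buster] line gives only "(Minor issue)", but the commit message carries the actual reason: "Affects only a test executable." That matches the CVE header's reference to stress-test, and it is the part a later reader needs. Suggest recording it in the parenthetical, for example "(Minor issue; affects only a test executable)". The [bookworm] and [bullseye] lines above have the same bare reason and could be updated at the same time.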
@@ -62456,6 +62458,7 @@ CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pyg
 	- pygments 2.15.1+dfsg-1
 	[bookworm] - pygments <no-dsa> (Minor issue)
 	[bullseye] - pygments <no-dsa> (Minor issue)
+	[buster] - pygments <no-dsa> (Minor issue)
 	NOTE: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/
 	NOTE: https://github.com/pygments/pygments/issues/2356
 	NOTE: https://github.com/pygments/pygments/issues/2355
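Review bot: The added [buster] line says "(Minor issue)" and the commit message adds nothing further, so the entry records no reason why this ReDoS is minor for Buster. The CVE header places the flaw in pygments/lexers/smithy.py, so it is worth confirming that the Buster version of pygments ships that lexer at all. If it does not, <not-affected> with a "vulnerable code not present" reason would be more precise than <no-dsa>. If it does, a short qualifier in the parenthetical would help. This cannot be determined from the diff alone.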



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/430234d8a7ee36b7524477c93617653edf258416...cd0354a852929113c42f2428d026b682a962e53d
